Merge pull request #2915 from giuseppe/rootless-do-not-block-sigtstp

rootless: do not block SIGTSTP

pkg/rootless/rootless_linux.c

@@ -16,6 +16,8 @@
 #include <sys/types.h>
 #include <sys/prctl.h>
 #include <dirent.h>
+#include <termios.h>
+#include <sys/ioctl.h>
 
 static const char *_max_user_namespaces = "/proc/sys/user/max_user_namespaces";
 static const char *_unprivileged_user_namespaces = "/proc/sys/kernel/unprivileged_userns_clone";
@@ -178,6 +180,11 @@ reexec_userns_join (int userns, int mountns)
       _exit (EXIT_FAILURE);
     }
 
+  if (isatty (1) && ioctl (1, TIOCSCTTY, 0) == -1) {
+      fprintf (stderr, "cannot ioctl(TIOCSCTTY): %s\n", strerror (errno));
+      _exit (EXIT_FAILURE);
+  }
+
   if (setns (userns, 0) < 0)
     {
       fprintf (stderr, "cannot setns: %s\n", strerror (errno));

pkg/rootless/rootless_linux.go

@@ -28,6 +28,10 @@ extern int reexec_userns_join(int userns, int mountns);
 */
 import "C"
 
+const (
+	numSig = 65 // max number of signals
+)
+
 func runInUser() error {
 	os.Setenv("_CONTAINERS_USERNS_CONFIGURED", "done")
 	return nil
@@ -283,7 +287,15 @@ func BecomeRootInUserNS() (bool, int, error) {
 
 	c := make(chan os.Signal, 1)
 
-	gosignal.Notify(c)
+	signals := []os.Signal{}
+	for sig := 0; sig < numSig; sig++ {
+		if sig == int(syscall.SIGTSTP) {
+			continue
+		}
+		signals = append(signals, syscall.Signal(sig))
+	}
+
+	gosignal.Notify(c, signals...)
 	defer gosignal.Reset()
 	go func() {
 		for s := range c {